bh: utils/testing create_ldap_users.py,1.7,1.8

cvs at kolab.org cvs at kolab.org
Mon May 18 20:31:05 CEST 2009


Author: bh

Update of /kolabrepository/utils/testing
In directory doto:/tmp/cvs-serv11134/testing

Modified Files:
	create_ldap_users.py 
Log Message:
Add --set-password option to set the password of the new user accounts.
The password is salted and hashed using the SSHA method and put into the
userPassword attribute.


Index: create_ldap_users.py
===================================================================
RCS file: /kolabrepository/utils/testing/create_ldap_users.py,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- create_ldap_users.py	18 May 2009 17:23:38 -0000	1.7
+++ create_ldap_users.py	18 May 2009 18:31:03 -0000	1.8
@@ -43,6 +43,8 @@
 import ldap.modlist
 import getpass
 import time
+import sha
+import base64
 
 def open_ldap(ldapuri, admin_dn_part, pwd = None):
     conn = ldap.initialize(ldapuri)
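Review bot: The added `import sha` uses a module that has been deprecated in favour of `hashlib` since Python 2.5 and emits a DeprecationWarning on 2.6. If the script does not have to run on interpreters older than 2.5, `import hashlib` here and `hashlib.sha1(password)` in `encode_ssha` produce the same digest without the warning.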
@@ -65,8 +67,23 @@
             conn.modify_s(dn, [(ldap.MOD_ADD, "kolabDeleteFlag", hosts)])
             print dn, hosts
 
+def random_salt(length):
+    """Returns a random salt for use with salted password hashes"""
+    random = open("/dev/urandom")
+    try:
+        return random.read(length)
+    finally:
+        random.close()
 
-def add_user(conn, num_users, offset):
+SSHA_PREFIX = "{SSHA}"
+def encode_ssha(password, salt):
+    """SSHA-Encodes the password with the given salt"""
+    digester = sha.new(password)
+    digester.update(salt)
+    return SSHA_PREFIX + base64.b64encode(digester.digest() + salt)
+
+
+def add_user(conn, num_users, offset, set_password=None):
     kolab_info = fetch_kolab_info(conn)
 
     mail_domain = kolab_info["postfix-mydomain"][0]
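Review bot: `random_salt` opens `/dev/urandom` in text mode and trusts a single `read(length)` to return the full length, which ties the script to Unix and leaves a short read undetected. `return os.urandom(length)` gives the same kernel randomness, and either returns exactly `length` bytes or raises; `os` would need importing if the file does not already do so. The `encode_ssha` docstring could also state that `{SSHA}` is one unsalted-iteration SHA-1 over password plus salt, so the resulting `userPassword` values are suitable for throwaway test accounts only. The body of `add_user` continues outside the hunk.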
@@ -79,6 +96,9 @@
         'kolabInvitationPolicy': ['ACT_MANUAL'],
         }
 
+    if set_password is not None:
+        common_attrs["userPassword"] = encode_ssha(set_password, random_salt(8))
+
     users =  [("test%d" % n, "auto", "autotest%d" % n)
               for n in range(offset, num_users + offset)]
     for sn, givenName, mailuid in users:
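Review bot: The salt is drawn once and the resulting hash is stored in `common_attrs`, so, assuming that dict is merged into every entry in the loop that continues below this hunk, all created accounts end up with the same salt and a byte-identical `userPassword` value. That removes the per-entry uniqueness salting is meant to provide and makes it obvious from the directory that the accounts share a password. Calling `encode_ssha(set_password, random_salt(8))` inside the `for sn, givenName, mailuid in users:` loop and setting `userPassword` on each entry's own attributes would give every account its own salt.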
@@ -136,10 +156,11 @@
     entry_type = "user"
     group_member = None
     offset = 0
+    set_password = None
 
     opts, args = getopt.getopt(sys.argv[1:], 'h:p:u:n:o:t:',
                                ["host=", "port=", "user=", "num=", "offset=",
-                                "type=", "member="])
+                                "set-password=", "type=", "member="])
     for optchar, value in opts:
         if optchar in ("-h", "--host"):
             hostname = value
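Review bot: `--set-password=` takes the clear-text password as a command-line argument (assigned in the `elif optchar == "--set-password":` branch of the next hunk), so it is visible in the process list and kept in shell history on the machine running the script. `getpass` is already imported at the top of the file, so the value could instead be read with `getpass.getpass()` when the option is given, or the usage text could at least document that the option is meant for disposable test passwords. The option loop starts and ends outside this hunk.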
@@ -149,6 +170,8 @@
             admin_dn_part = value
         elif optchar in ("-o", "--offset"):
             offset = int(value)
+        elif optchar == "--set-password":
+            set_password = value
         elif optchar in ("-t", "--type"):
             entry_type = value
         elif optchar == "--member":
@@ -183,7 +206,7 @@
     conn = open_ldap(uri, admin_dn_part, pwd)
     if entry_type == "user":
         if cmd == "add":
-            add_user(conn, num_entries, offset)
+            add_user(conn, num_entries, offset, set_password=set_password)
         elif cmd == "delete":
             delete_auto_users(conn, offset)
     elif entry_type == "group":




